Building a Resilient World:
The ISAGCA Blog

Welcome to the official blog of the ISA Global Cybersecurity Alliance (ISAGCA).



ISA/IEC 62443 Cybersecurity Standards Hit Their Stride

Like a racehorse streaking by, comfortable on the straightaway, the ISA/IEC 62443 series of standards is hitting its stride, finding its place among the essential building blocks of a secure industrial control system.

An ISA standards committee created the ANSI/ISA 62443 series of automation and control systems cybersecurity standards by leveraging use cases from more than 20 different industry verticals. The standards have since been adopted by the International Electrotechnical Commission as IEC 62443 and endorsed by the United Nations. ISA/IEC 62443 approaches the cybersecurity challenge in a holistic way, bridging the gap between operations and information technology.

In July 2019, ISA/IEC 62443 gained its greatest champion in the form of the ISA Global Cybersecurity Alliance (ISAGCA). This group of what is now 40 member companies has come together to increase industrial cybersecurity awareness and readiness, in part by developing best practices for applying the ISA/IEC 62443 standards.

Through ISAGCA, industrial asset owners can sit down with automation and control systems vendors—regardless of industry segment or geography—to work together for the greater good. Eight companies were recently announced as new members of this alliance, including UL, the global safety science leader; KPMG, one of the world’s Big Four accounting and consulting firms; power management company Eaton; and others. They join initial founding members Claroty, Honeywell, Johnson Controls, Nozomi Networks, Rockwell Automation, Schneider Electric, and others.

Megan Samford, vice president and chief product security officer for energy management at Schneider Electric, is the recently appointed chairperson of the ISAGCA board. The new vice chairperson is Sharul Rashid, custodian engineer and group technical authority of instrumentation and control for PETRONAS, Malaysia’s integrated oil and gas company. PETRONAS is the world’s fourth-largest exporter of liquid natural gas, and Rashid has more than 30 years of experience leading teams handling instrumentation and control issues in refineries, gas liquefaction and petrochemical plants, and gas pipeline transmission operations.

Said Rashid, “I am honored to work with my colleagues around the world to advance critical cybersecurity initiatives. Together, we will work to increase awareness and expertise, [and] develop best-practice tools to help companies successfully navigate the life cycle of cybersecurity protection.”

Samford said Schneider Electric is also “deeply committed to collaborating across industry to help our customers and all end users.” She is personally excited to work with the diversity of ISAGCA membership, and she’s also looking forward to seeing “community-identified needs and focused initiatives, like ICS4ICS, come to life through ISAGCA and its relationships with other nonprofits and governments from around the world.”

Incident Command System for Industrial Control Systems, or ICS4ICS, is an effort under ISAGCA that seeks to establish an operational incident response organization. The initiative includes a common language for responding to cyber incidents, as well as the development of avenues for mutual assistance between organizations.

ISAGCA is clearly “driving alignment and clarity across public and private sectors,” said its managing director Andre Ristaino. A diverse group of member companies working together on a standards-based, end-to-end approach can help safeguard industry against sophisticated cyberattacks. If ISA/IEC 62443 is the horse and ISAGCA is the jockey, the rest of us are in for a beautiful run.

Do you agree? Talk to me via email at rbassett@isa.org.


A version of this post also appears in InTech Magazine. It is republished here with permission.


Renee Bassett
Renee Bassett is the chief editor of Automation.com, a subsidiary of the International Society of Automation.
